9f49b452569a6b4e65af948fa99ef7ac65c069328ecf87aca180a2dd3dcf2667 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

9f49b45256...cs.exe

windows7-x64

7

9f49b45256...cs.exe

windows10-2004-x64

7

Sharing

General

Target

9f49b452569a6b4e65af948fa99ef7ac65c069328ecf87aca180a2dd3dcf2667_NeikiAnalytics.exe
Size

5.7MB
Sample

240628-s7zwbaydnp
MD5

bb31da1eec9faee1a4097d226c510b00
SHA1

c913f856b678bd155113206120fa43bb38e6ee5d
SHA256

9f49b452569a6b4e65af948fa99ef7ac65c069328ecf87aca180a2dd3dcf2667
SHA512

22d13227becc735cb4db795c4e722e99baa9897619f8182dfb47145491146b13c278713b0a88a8828e78429dc88850b667f978b79767e443123323519abeaa33
SSDEEP

98304:Lte0fBLxIwVnABsF0saoOl11P4pQoR8qLf3gbz2FSmaI7dl0p3B:he2B1dVnx0sHbQbz2FSmaI7dlw

Score

7^/10

adware persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9f49b452569a6b4e65af948fa99ef7ac65c069328ecf87aca180a2dd3dcf2667_NeikiAnalytics.exe

Resource

win7-20240221-en

adware persistence spyware stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f49b452569a6b4e65af948fa99ef7ac65c069328ecf87aca180a2dd3dcf2667_NeikiAnalytics.exe

Resource

win10v2004-20240611-en

adware persistence spyware stealer upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  9f49b452569a6b4e65af948fa99ef7ac65c069328ecf87aca180a2dd3dcf2667_NeikiAnalytics.exe
- Size
  
  5.7MB
- MD5
  
  bb31da1eec9faee1a4097d226c510b00
- SHA1
  
  c913f856b678bd155113206120fa43bb38e6ee5d
- SHA256
  
  9f49b452569a6b4e65af948fa99ef7ac65c069328ecf87aca180a2dd3dcf2667
- SHA512
  
  22d13227becc735cb4db795c4e722e99baa9897619f8182dfb47145491146b13c278713b0a88a8828e78429dc88850b667f978b79767e443123323519abeaa33
- SSDEEP
  
  98304:Lte0fBLxIwVnABsF0saoOl11P4pQoR8qLf3gbz2FSmaI7dl0p3B:he2B1dVnx0sHbQbz2FSmaI7dlw
Score

7^/10

adware persistence spyware stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

adwarepersistencespywarestealerupx

behavioral2

adwarepersistencespywarestealerupx

© 2018-2024

Terms | Privacy